Documentation

Other

Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Script to login as Guest

Hello, I've been asked to push a script to select Macs that causes them to automatically login to the guest account.

I've got a working script (below) to write to the necessary keys. However I've run into a really weird case where System Preferences shows the guest account is enabled and selected for auto login, however when I reboot I land at the login screen. I'm testing on a MacBook Air 13" that I internet recover between tests.

I have MDM profiles in production that enforces username/password and disabled the guest account. The end goal is to push this script to a group of systems that I've removed MDM from, however my lab system does not have any MDM/MCX. In fact my lab system has not been hooked to Casper or AD.

We use "Guest Accounts" with our Library computers. We just send out a script to activate "Guest" and set login screen to just show Guest user. We don't want autologin because every user should get a fresh Guest account to work with. For which reason will you need the guest Account?

Creating the Guest User works fine.
But now I'm having trouble with the keychain on my Guest User Account when I open up Safari. It says that the password has changed and I need to set a new password for keychain.

It works when I remove the following line:
security add-generic-password -a Guest -s com.apple.loginwindow.guest-account -D "application password" /Library/Keychains/System.keychain

But then I need to login with password on my Guest User Account. When I hit Enter (no Password) it logs in.

the solution I finally settled on combines the one fabsen83 mentioned and the one posted here: https://derflounder.wordpress.com/2013/12/29/creating-custom-guest-users-on-os-x/

it works well, however for 10.10, I'm having a keychain issue. For some reason a keychain is not being created for the new guest user which causes Safari to complain. This happens each time the guest user logs in since the account folder deletes itself on logout.

We got around the keychain issue by... not creating a keychain for the account and allowing it to create itself. It's a guest account anyway it'll only get blown away anyhoo. This, of course, means that the guest account might not be able to auto-login but that's something we can live with. Code follows: